[Sussex] Tight File Server

Nico Kadel-Garcia nkadel at gmail.com
Fri Jul 13 03:34:33 UTC 2007


Andy Smith wrote:
> Hi,
>
> On Thu, Jul 12, 2007 at 09:44:09AM +0100, Nic James Ferrier wrote:
>   
>> "Nico Kadel-Garcia" <nkadel at gmail.com> writes:
>>
>>     
>>> As soon as you do *anything* CPU intensive, such as SSL access, SSH access,
>>> virtual hosts,  serving more than a few users at a time, you're going to
>>> start swapping like nobody's business. This is going to dog any noticeable
>>> performance even worse than the slow CPU will. Like handcarving your own
>>> doorknobs, it's usually easier and faster just to buy them or even salvage
>>> them.
>>>       
>> Hmmm... maybe the security could be done with just IP restriction?
>>
>> If the risk is even relatively high (not national security, or vital
>> competitive data) IP restriction could work at very low CPU/memory
>> cost.
>>     
>
> Without transport layer encryption (e.g. SSL, SSH, TLS etc.) any
> machine on the LAN can snoop on any other machine on the LAN.
> Perhaps that is not an issue if everyone on the LAN is to be able to
> read everything on the fileserver, but also think about any visitors
> to the office who may wish to plug in their laptops or join the
> netork via wifi on their phones.
>   
??? In order for "any" machine to snoop on "any" machine, it has to see 
the packets, by being on a hub, by cleverly reprogramming hte 
upswitches, or by being a man in the middle.

But yeah, packet sniffing is an old and popular hobby.






More information about the Sussex mailing list